Errors, Fraud, Risk Management, and Internal Controls


The Risk Management Puzzle: Individuals; Risk Management; Accounting Information Systems Controls; Assets & Fraud Types; Controls

Individuals: Errors, Fraud

Errors. Errors may be the result of many factors: Distractions – concurrent tasks, work environment, personal situations; Complexity – it is easier to complete a simple task than a hard one; Limitations – fatigue, cognitive limitations, etc.

Fraud: Rationalization, Opportunity, Need

The Fraud Triangle. Pressure – what causes a person to commit fraud. Opportunity – the ability to commit fraud. Rationalization – talking oneself into committing the fraud even though it may go against his/her own values.

Assets and Fraud Types

Assets: Processes, Cash, People, Software, Hardware, Inventory, Data, Facilities

Fraud Types (by asset: cash, inventory, data): internal vs. external, on-book vs. off-book. Examples: misrepresentation of material facts, failure to disclose material facts, embezzlement, larceny, bribery, illegal gratuity.

Risk Management and Controls: Individuals; Accounting Information Systems Controls; Assets & Fraud Types; Controls

Risk Management and Controls. Risk control strategies and goals. Risk management process: Asset Identification, Risk Assessment, IT Controls Specification, Documentation.

Risk Control Strategies. Avoidance – policy, training and education, or technology. Transference – shifting the risk to other assets, processes, or organizations (insurance, outsourcing, etc.). Mitigation – reducing the impact through planning and preparation. Acceptance – doing nothing if the cost of protection does not justify the expense of the control.

Information System Goals – CIA Triangle: Confidentiality, Integrity, Availability

CIA Triangle. Confidentiality – ensuring that information is accessible only by those who are properly authorized. Integrity – ensuring that data has not been modified without authorization. Availability – ensuring that systems are operational when needed for use.

Application Control Goals. Input validity – input data are approved and represent actual economic events and objects. Input completeness – requires that all valid events or objects be captured and entered into the system. Input accuracy – requires that events be correctly captured and entered into the system.

The Risk Management Process: Identify IT Assets, Assess IT Risks, Identify IT Controls, Document IT Controls, Monitor

Risk Management – Asset Identification: Processes, People, Hardware, Software, Cash, Inventory, Data, Facilities

Asset Valuation – What do we stand to lose? Assets: People, Data, Hardware, Software, Facilities, (Procedures). Valuation methods: criticality to the organization’s success, revenue generated, profitability, cost to replace, cost to protect, embarrassment/liability.

Assess – AIS Threat Examples: fraud; computer crimes; nonconformity with agreements & contracts between the organization & third parties; violations of intellectual property rights; noncompliance with other regulations & laws. Computerized transaction systems increase some risks and decrease others.

Assess IT Risks (figure; Copyright 2007 John Wiley & Sons, Inc.)

Risk Assessment. Risk assessment is the process of making a network more secure by comparing each security threat with the control designed to reduce it (where are controls needed?). Cost-benefit assessment (which controls are appropriate based on the cost/reward tradeoff?). Vulnerability assessment (how effective are the controls? are they working properly?).

Threats, continued. Destruction – loss of data. Disruption – loss of service. Disaster – physical damage due to the environment. Intrusion – human acts.

Controls: Risk Management Controls; Individual Controls; Accounting Information Systems Controls; Assets & Fraud Types Controls

Classification of Controls. Preventive controls: the issue is prevented from occurring – cash receipts are immediately deposited to avoid loss. Detective controls: the issue is discovered – an unauthorized disbursement is discovered during reconciliation. Corrective controls: the issue is corrected – erroneous data is entered in the system and reported on an error and summary report; a clerk re-enters the data.

Classification of Controls. Administrative – policies, procedures, standards, and guidelines. Logical/Technical – monitoring and access control via IT. Physical – control of physical access to computing equipment.

Classification of Controls. COSO identifies two groups of IT controls: Application controls – apply to specific applications and programs, and ensure data validity, completeness and accuracy. General controls – apply to all systems and address IT governance and infrastructure, security of operating systems and databases, and application and program acquisition and development.

IT Governance: …the process for controlling an organization’s IT resources, including information and communication systems, and technology; …using IT to promote an organization’s objectives and enable business processes, and to manage and control IT-related risks. IT auditors ensure IT governance by assessing risks and monitoring controls over those risks.

Segregation of Duties. Transaction authorization is separate from transaction processing. Asset custody is separate from record-keeping responsibilities. The tasks needed to process the transactions are subdivided so that fraud requires collusion.

Other Controls. Supervision – harder to commit fraud under a watchful eye. Mandatory leave – harder to commit fraud without constant attention to its details. Policy – appropriate use, disclosure of beneficial interests, etc.

Documenting IT Controls: internal control narratives; flowcharts – internal control flowchart; IC questionnaires.

Risk Assessment. One way to do this is by developing a control spreadsheet: network assets are listed down the side; threats are listed across the top of the spreadsheet; the cells of the spreadsheet list the controls that are currently in use to address each threat.
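The control spreadsheet described above, as an added example that is not part of the original slides: assets (from the asset identification slide) run down the side, the four threat types (destruction, disruption, disaster, intrusion) run across the top, and each cell lists the controls in use, tagged preventive/detective/corrective as in the classification slide. The asset, threat and control entries are constructed sample data; the gap report answers the slide's question "where are controls needed?" and also flags cells that rely on detection or correction alone.

```python
# Added example, not from the slides: a control spreadsheet with a gap report.
# All asset, threat and control names below are constructed sample data.

ASSETS = ["Cash", "Data", "Hardware", "Facilities"]
THREATS = ["Destruction", "Disruption", "Disaster", "Intrusion"]

# Constructed sample of controls in use: (asset, threat) -> [(control, class)]
CONTROLS = {
    ("Cash", "Intrusion"): [("daily deposit of receipts", "preventive"),
                            ("bank reconciliation", "detective")],
    ("Data", "Destruction"): [("nightly backup", "corrective")],
    ("Data", "Intrusion"): [("access control lists", "preventive"),
                            ("log review", "detective")],
    ("Hardware", "Disaster"): [("off-site spare servers", "corrective")],
    ("Facilities", "Intrusion"): [("badge access", "preventive")],
}

def build_spreadsheet(assets, threats, controls):
    """Return {asset: {threat: [control names]}} with every cell present."""
    return {a: {t: [name for name, _ in controls.get((a, t), [])]
                for t in threats} for a in assets}

def find_gaps(assets, threats, controls):
    """Cells with no control at all: where controls are needed."""
    return [(a, t) for a in assets for t in threats if not controls.get((a, t))]

def lacking_class(assets, threats, controls, cls):
    """Covered cells whose controls include none of the given class."""
    return [(a, t) for a in assets for t in threats
            if controls.get((a, t))
            and not any(c == cls for _, c in controls[(a, t)])]

def render(sheet, threats, width=22):
    """Plain-text grid of the spreadsheet, one row per asset."""
    lines = ["Asset".ljust(12) + "".join(t.ljust(width) for t in threats)]
    for asset, row in sheet.items():
        cells = ["; ".join(row[t]) or "-" for t in threats]
        lines.append(asset.ljust(12)
                     + "".join(c[:width - 1].ljust(width) for c in cells))
    return "\n".join(lines)

if __name__ == "__main__":
    sheet = build_spreadsheet(ASSETS, THREATS, CONTROLS)
    print(render(sheet, THREATS))
    print("Uncovered cells:", find_gaps(ASSETS, THREATS, CONTROLS))
    print("No preventive control:",
          lacking_class(ASSETS, THREATS, CONTROLS, "preventive"))
```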

Valuation of Assets. Assets: People, Data, Hardware, Software, Facilities, (Procedures). Valuation methods: criticality to the organization’s success, revenue generated, profitability, cost to replace, cost to protect, embarrassment/liability.

Sample Control Spreadsheet (figure; Copyright 2007 John Wiley & Sons, Inc.)